Finnish antivirus firm F-Secure found a new worm on Sunday that attacks the Windows Plug-N-Play vulnerability that Microsoft patched last Tuesday. The security firm's researchers said the worm, which they named ZoTob, poses the biggest risk to users running Windows 2000.

Industry researchers began seeing exploit code for the critical Microsoft vulnerability showing up on various hacking Web sites on Friday. According to F-Secure's Web site, ZoTob began spreading as early as 7:30 a.m. EST Sunday morning.

Mikko Hyppönen, director of antivirus research for F-Secure, wrote that the new worm is based on MyTob, a mass-mailing virus that opens a back door and lowers security settings on compromised machines.

Hyppönen noted that the ZoTob worm might be using exploit code published by a researcher known as "houseofdabus" four days ago. ZoTob is the first major self-propagating program since the Sasser worm -- which began spreading April 30, 2004 -- to target a Microsoft Windows vulnerability.

F-Secure researchers also announced their discovery of two variants of the ZoTob worm. Each one gives hackers access to unpatched computers and shares several similarities with the earlier MyTob worm.